The week's pick
Random Articles
Reseach Article
Analysis of Multi-factor Authentication (MFA) Schemes in Zero Trust Architecture (ZTA): Current State, Challenges, and Future Trends
| International Journal of Computer Applications |
| Foundation of Computer Science (FCS), NY, USA |
| Volume 186 - Number 57 |
| Year of Publication: 2024 |
| Authors: Yuanyuan Liu |
10.5120/ijca2024924310
|
Yuanyuan Liu . Analysis of Multi-factor Authentication (MFA) Schemes in Zero Trust Architecture (ZTA): Current State, Challenges, and Future Trends. International Journal of Computer Applications. 186, 57 ( Dec 2024), 30-36. DOI=10.5120/ijca2024924310
Abstract
This research provides a detailed analysis of multi-factor authentication (MFA) in Zero-Trust Architecture (ZTA). It focused the discussion on current practices and critical challenges encountered, sharing some insights into the future direction by finding "gaps.” “The field of Cyber security is a constantly changing environment. From the beginning of "trust but verify," it has gradually changed to "always verify, never trust." In this case, MFA becomes a key and effective measure to enhance confidentiality in ZTA. ZTA requires that all entities within the system must verify their identities on an ongoing basis, often using MFA. With the widespread use of telecommuting, cloud services, and the Internet of Things, the demand for identity authentication is also increasing. The MFA uses multiple authentication steps to enhance security and trust in the system. However, implementing and applying MFA in the ZTA environment has not been smooth sailing. Some schemes directly affect the popularity of MFA in their implementation, such as poor user experience, complex integration, and poor scalability. The author first reviewed some of the existing MFA programs to get to the root cause and try to fix the problem. By analyzing these typical cases, best practices are found, and strategies for improvement are proposed. The aim is to promote a balance between ease of use and security in MFA. Finally, through literature review and case studies, as well as the exploration of emerging technologies such as adaptive MFA and zero-knowledge proof, The author explore some new approaches to improve the ease and efficiency of MFA in ZTA systems.
References
- D. Dasgupta, A. Roy, and A. Nag, "Multi-Factor Authentication," in Advances in User Authentication, Infosys Science Foundation Series, Springer, Cham, 2017, pp. 45-68. DOI: 10.1007/978-3-319-58808-7_5
- Das, S., Wang, B., Tingle, Z., & Camp, L. J. (2019). Evaluating user perception of multi-factor authentication: A systematic review. arXiv preprint arXiv:1908.05901
- Ghasemshirazi, G. Shirvani, and M. A. Alipour, "Zero Trust: Applications, Challenges, and Opportunities," arXiv preprint, 2023. DOI: 10.48550/arXiv.2309.03582.
- Adenubi, Adeola & Oduroye, Ayorinde. (2023). "ZERO TRUST NETWORKS: A PARADIGM FOR PASSWORD-LESS AUTHENTICATION IN THE MODERN CYBERSECURITY LANDSCAPE."
- Microsoft: 99.9% of compromised accounts did not use multi-factor authentication. https://www.zdnet.com/article/microsoft-99-9-of-compromised-accounts-did-not-use-multi-factorauthentication/, 2020.
- Ariel F. Pomputius. A Review of Two-Factor Authentication: Suggested Security Effort Moves to Mandatory. Medical Reference Services Quarterly, 37(4):397–402, 2018.
- Roger Piqueras Jover. 2020. Security analysis of SMS as a second factor of authentication. Commun. ACM 63, 12 (December 2020), 46–52.
- Zukarnain ZA, Muneer A, Ab Aziz MK. Authentication Securing Methods for Mobile Identity: Issues, Solutions and Challenges. Symmetry. 2022; 14(4):821. https://doi.org/10.3390/sym14040821
- Riseul Ryu, Soonja Yeom, David Herbert, Julian Dermoudy,The design and evaluation of adaptive biometric authentication systems: Current status, challenges and future direction, ICT Express,Volume 9, Issue 6,2023,Pages 1183-1197,ISSN 2405-9595, https://doi.org/10.1016/j.icte.2023.04.003.
- Xiao, Yue, et al. "From Hardware Fingerprint to Access Token: Enhancing the Authentication on IoT Devices." arXiv preprint arXiv:2403.15271 (2024)
- D. Subbarao, B. Raju, and F. Anjum, "Microsoft Azure Active Directory for Next Level Authentication to Provide a Seamless Single Sign-On Experience," Applied Nanoscience, vol. 13, pp. 1655-1664, 2023. DOI: 10.1007/s13204-021-02021-0.
- Xu, Yanbin, Jian, Xinya, Li, Tao, Zou, Shuang, Li, Beibei, Blockchain-Based Authentication Scheme with an Adaptive Multi-Factor Authentication Strategy, Mobile Information Systems, 2023, 4764135, 13 pages, 2023. https://doi.org/10.1155/2023/4764135
- Gartner (2019). Hype Cycle for Identity and Access Management Technologies, 2019.
- Casey, M., Manulis, M., Newton, C.J.P., Savage, R., Treharne, H. (2020). An Interoperable Architecture for Usable Password-Less Authentication. In: Saracino, A., Mori, P. (eds) Emerging Technologies for Authorization and Authentication. ETAA 2020. Lecture Notes in Computer Science(), vol 12515. Springer, Cham. https://doi.org/10.1007/978-3-030-64455-0_2
- World Economic Forum: Passwordless authentication: The next break-through in secure digital transformation. http://www3.weforum.org/docs/WEF Passwordless Authentication.pdf (2020)
- M. Belotti, N. Božić, G. Pujolle and S. Secci, "A Vademecum on Blockchain Technologies: When, Which, and How," in IEEE Communications Surveys & Tutorials, vol. 21, no. 4, pp. 3796-3838, Fourthquarter 2019, doi: 10.1109/COMST.2019.2928178.
- Xu, Y., Meng, Y. & Zhu, H. An Efficient Double-Offloading Biometric Authentication Scheme Based on Blockchain for Cross Domain Environment. Wireless Pers Commun 125, 599–618 (2022). https://doi.org/10.1007/s11277-022-09567-
- "How effective is multifactor authentication at deterring cyberattacks?" arXiv preprint, 2023. DOI: 10.48550/arXiv.2305.00945.
Index Terms
Keywords